Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/Azi4tNUZJrNskKbyHejrP2JhGLU.roa
File:                     Azi4tNUZJrNskKbyHejrP2JhGLU.roa (raw, json)
Hash identifier:          4GH8ea7CGfqoP+1GcsuR5UJrhkODPo9dvpcc9KBglUU=
Subject key identifier:   03:38:B8:B4:D5:19:26:B3:6C:90:A6:F2:1D:E8:EB:3F:62:61:18:B5
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       0194B115D8755737BC8274B323A6E1B8EF13
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/Azi4tNUZJrNskKbyHejrP2JhGLU.roa
Signing time:             Wed 29 Jan 2025 08:03:06 +0000
ROA not before:           Wed 29 Jan 2025 08:03:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56740
IP address blocks:        46.8.188.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 03:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b1:15:d8:75:57:37:bc:82:74:b3:23:a6:e1:b8:ef:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan 29 08:03:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0338b8b4d51926b36c90a6f21de8eb3f626118b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:6a:d4:72:42:ae:f7:41:f0:5a:39:05:5b:8e:
                    69:7b:d8:3f:8c:4e:3b:79:2e:0e:69:eb:6e:35:d4:
                    a3:f8:28:e3:fe:3c:18:53:cb:8c:9f:43:57:61:27:
                    19:79:33:f2:a0:1b:fa:ed:5a:2b:6f:6d:69:0d:c1:
                    74:be:29:cc:7a:34:4b:5b:25:01:d3:f8:57:0d:ea:
                    84:20:7d:f0:67:e5:4a:4d:62:95:df:93:87:37:d0:
                    9d:21:6f:6c:4d:62:2f:d9:a8:41:7a:95:ed:02:f5:
                    49:31:db:fe:df:28:13:e0:1b:b4:6e:f8:53:46:1e:
                    de:48:7f:70:17:aa:62:7c:1e:05:ad:50:cd:b4:c7:
                    2f:16:f4:eb:4d:2b:fb:4f:a0:4c:4f:0e:81:8b:07:
                    ef:ab:b8:ca:fb:6a:96:c1:0c:82:ce:89:85:b9:75:
                    07:b7:4d:85:9f:2e:15:cd:04:8e:16:d1:db:c3:ff:
                    cc:24:1f:63:0b:25:19:89:10:dd:cb:3f:fb:d5:23:
                    53:ff:60:a7:ba:4f:16:fd:ea:ac:75:8a:17:a0:69:
                    fc:e6:10:c7:40:c0:57:5c:96:71:00:34:85:04:d4:
                    f9:55:34:39:aa:30:6a:42:8f:bf:23:01:70:4f:3f:
                    e2:71:76:91:8b:d1:f6:57:7a:05:1c:e7:18:d3:6e:
                    82:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:38:B8:B4:D5:19:26:B3:6C:90:A6:F2:1D:E8:EB:3F:62:61:18:B5
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/Azi4tNUZJrNskKbyHejrP2JhGLU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.188.0/23

    Signature Algorithm: sha256WithRSAEncryption
         37:f7:1e:1f:fe:52:f4:a0:0e:48:a8:0f:ce:d2:0e:73:df:b7:
         56:e5:41:8b:92:b8:70:e7:43:af:7d:6b:c4:88:8f:75:4e:bc:
         18:97:44:82:6e:19:99:7f:ed:4e:e9:6f:db:4f:6a:df:fc:c6:
         28:25:a8:b3:f7:8b:5f:a8:6a:58:9f:40:44:30:ce:3c:3f:3d:
         b4:80:b4:01:63:4b:bc:14:0d:19:67:5f:7f:7a:ab:d2:f1:dd:
         7d:44:9d:82:91:e3:39:69:a0:66:79:cc:d4:6a:13:ff:e3:8a:
         b6:08:29:25:f5:4c:f5:1e:36:b2:f5:24:13:af:9c:db:ee:4f:
         35:23:0c:83:23:69:ef:0f:b7:b3:76:07:13:e4:1f:43:51:ac:
         98:50:68:37:69:7d:0d:75:00:45:60:83:b7:90:6e:e8:24:c1:
         a4:30:fc:8d:5f:ba:81:d9:66:2f:2f:2b:fe:d1:86:39:78:0a:
         4c:14:2d:f8:0d:2b:d2:f3:05:f5:f4:b5:2e:e6:bc:67:f0:a4:
         51:9e:26:c5:83:38:d4:76:c0:f2:07:71:e2:d2:33:e2:b3:01:
         1d:94:48:2e:4e:55:e4:84:c3:58:c4:63:33:44:d2:cd:94:fa:
         c7:d1:44:eb:ce:3d:23:57:9a:ad:9b:e0:67:e0:c2:63:1f:de:
         e6:bd:52:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSxFdh1Vze8gnSzI6bhuO8TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjUwMTI5MDgwMzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzM4YjhiNGQ1MTkyNmIzNmM5MGE2ZjIxZGU4ZWIzZjYyNjExOGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwGrUckKu90HwWjkFW45pe9g/jE47
eS4OaetuNdSj+Cjj/jwYU8uMn0NXYScZeTPyoBv67Vorb21pDcF0vinMejRLWyUB
0/hXDeqEIH3wZ+VKTWKV35OHN9CdIW9sTWIv2ahBepXtAvVJMdv+3ygT4Bu0bvhT
Rh7eSH9wF6pifB4FrVDNtMcvFvTrTSv7T6BMTw6Biwfvq7jK+2qWwQyCzomFuXUH
t02Fny4VzQSOFtHbw//MJB9jCyUZiRDdyz/71SNT/2Cnuk8W/eqsdYoXoGn85hDH
QMBXXJZxADSFBNT5VTQ5qjBqQo+/IwFwTz/icXaRi9H2V3oFHOcY026CoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAM4uLTVGSazbJCm8h3o6z9iYRi1MB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvQXppNHROVVpKck5za0tieUhlanJQMkpoR0xVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLgi8MA0G
CSqGSIb3DQEBCwUAA4IBAQA39x4f/lL0oA5IqA/O0g5z37dW5UGLkrhw50OvfWvE
iI91TrwYl0SCbhmZf+1O6W/bT2rf/MYoJaiz94tfqGpYn0BEMM48Pz20gLQBY0u8
FA0ZZ19/eqvS8d19RJ2CkeM5aaBmeczUahP/44q2CCkl9Uz1Hjay9SQTr5zb7k81
IwyDI2nvD7ezdgcT5B9DUayYUGg3aX0NdQBFYIO3kG7oJMGkMPyNX7qB2WYvLyv+
0YY5eApMFC34DSvS8wX19LUu5rxn8KRRnibFgzjUdsDyB3Hi0jPiswEdlEguTlXk
hMNYxGMzRNLNlPrH0UTrzj0jV5qtm+Bn4MJjH97mvVIC
-----END CERTIFICATE-----